AMENDMENTS TO THE SPECIFICATION: 

On page 6, after line 6 insert the following paragraph. 

The internal portion 102a and the internal portion 104a communicate via connection points (CP) 
25 across intervening network 132. 

Replace the paragraph on page 7, beginning at line 8, with: 

If necessary, MN1 executes a Binding Update with SGI. Therefore SGI maps the external HoA 
of MN2 to the external Co A (care-of-address) of MN2 and tunnels packets addressed for MN1 
from the internal portion 102a to the external CoA of MN2 in the external portion 102b. 

Replace the paragraph on page 9, beginning at line 18, with: 

When a new optimal VCA/SG has been identified which is in a different segment, VCA1 
automatically sends 234 the context of MN1 to the VCA of the optimal segment (VCA2). The 
VCAs can communicate with authentication, authorization, and accounting ( AAA) attribute- 
value-pairs (AVP) between segments, and the VCA functionally can be combined with AAA 
infrastructure. The information sent may additionally identify the location of MN1 so that VCA2 
can determine the optimal SG 
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AMENDMENTS TO THE SPECIFICATION CONTINUED: 

Insert after page 19 the following: 

Abstract: A virtual private network has an internal secured portion which connects to an external 
portion, the network via at least a first gateway and via a second gateway. There are a plurality 
of workstations including at least one mobile workstation in the external portion. The network 
automatically changes the point through which the mobile workstation communicates with the 
internal portion of the network from the first gateway to the second gateway, in response to 
movement of the mobile workstation. Context information is transferred to the second gateway. 
The context information includes an identifier of the mobile workstation and may also include 
material for defining secure communication means by which information is transferable securely 
between the mobile workstation in the external portion of the network and the internal portion of 
the network, via the second gateway. 
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